Purpose: Helps you enumerate all the groups in your active directory domain and checks each group's membership count. You set a value to compare, if the members in the group is more than what you specify, the script will prompt you the group name and the count.
How to use:
- Save the script anywhere, name it CheckCount.vbs
- I assume you save it to c:\script
- Open a command prompt and navigate to c:\Script
- Type in "cscript CheckCount.vbs > results.txt"
- Wait till operations finish, use notepad to open results.txt
Done. Enjoy. Of course, there are many rooms to improve. I realise this Counting of Members in Group code wasn't easily found on the net, so i'm sharing it here.
You can download the script here.
http://sgwindowsgroup.org/forums/thread/3240.aspx
'************************************************************
'
' Name: Dennis Chung (Dennis@mvps.org)
' MCP, MCSA, MCSE, MCTS, MCITP, MCDBA, MCT, MVP
' Version: 1.0
' Description: Grabs every security group in AD and outputs
' to screen any group containing more members
' than specified value.
' Date: 07 July 06
'
'************************************************************
'********************************************************
'Membercount specified the number of member in a group
'Any group containing members more than this number will
'trigger the prompt
'********************************************************
'********************************************************
'This is the domain in which the script will run against
'In order for the script to run successfully, you need to
'login to the domain directly
'********************************************************
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
'********************************************************
'This is the query that grabs every single group.
'You can use "Name=gp*" as part of the query to pull out
'group that starts with gp*
'********************************************************
"SELECT distinguishedName FROM 'LDAP://" & Domain & "' WHERE objectCategory='group'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF '***************************************************************************
'For every group that was retrieved from the domain, check the members count
'*************************************************************************** Set objGroup = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
Set adsMember = objGroup.Members '**************************************************************
'If the count is larger than the MemberCount, it'll be prompted
'************************************************************** If adsMember.Count > MemberCount Then
WScript.echo objRecordSet.Fields("distinguishedName").Value & " - " & adsMember.Count
End If
objRecordSet.MoveNext
Loop
